This is a simple question: can I open some service on the internal network only from a specific public IP address of the network, something like an access list, or must I first create a VPN with this address?
Ex.: open RDP protocol TCP 3389 on 82.x.x.x, accessible only from 97.x.x.x.
If you match “src-address” or “src-address-list” in the dst-nat rule, that will work for restricting access by IP.
To some extent, the VPN method would be “more secure”, because IP addresses are spoofable (though, unless your router returns the spoofed traffic to the right spot, the person spoofing the IP wouldn’t be able to actually connect to your network). We use src-address filtering for our remote access control on a regular basis, and haven’t observed problems.
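The source restriction described in the answer above, written out as a RouterOS configuration. This is an added example, not part of the original posts; the addresses, the internal host and the list name `rdp-allowed` are constructed placeholders.

```routeros
# Constructed placeholders (documentation ranges), not values from the thread:
#   203.0.113.10   router's public address (the 82.x.x.x in the question)
#   198.51.100.20  the one remote address allowed in (the 97.x.x.x)
#   192.168.88.10  internal RDP host (assumed)

# Weak form, shown commented out: forwards RDP from any source on the Internet.
# /ip firewall nat add chain=dstnat dst-address=203.0.113.10 protocol=tcp \
#     dst-port=3389 action=dst-nat to-addresses=192.168.88.10 to-ports=3389

# Restricted form: keep the allowed sources in an address list ...
/ip firewall address-list
add list=rdp-allowed address=198.51.100.20 comment="remote office"

# ... and match that list in the dst-nat rule, as the answer describes.
/ip firewall nat
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=3389 \
    src-address-list=rdp-allowed action=dst-nat \
    to-addresses=192.168.88.10 to-ports=3389 comment="RDP from allowed list only"

# Traffic from any other source does not match the NAT rule and stays addressed
# to the router itself, so it reaches the input chain. Log and drop it there.
/ip firewall filter
add chain=input dst-address=203.0.113.10 protocol=tcp dst-port=3389 \
    action=drop log=yes log-prefix="rdp-denied" comment="RDP from unlisted source"
```

If the forward chain drops by default, it also needs a rule that accepts the dst-nat'ed connection to 192.168.88.10. The `rdp-denied` log entries show how often unlisted sources probe the port.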